By default, sensors on any host with EMET installed will include EMET events in the logs that reported back to their Carbon Black EDR server. However, you can disable EMET event reporting for all sensors in a sensor group.
To disable EMET event reporting from a sensor group:
-
Log into Carbon Black EDR.
-
On the navigation menu, click Sensors .
-
On the Sensors page, select the sensor group to disable EMET event reporting.
-
When you have selected the sensor group, click the Edit Settings button to display the Edit Group Settings page.
-
Click on the Event Collection tab, deselect the EMET events checkbox.
-
Click Save Changes .
EMET event collection will no longer be included in the logs sent to the Carbon Black EDR server.
To re-enable EMET event collection for a sensor group, follow the same procedure but select the EMET events checkbox before saving the changes.
